IN THE CLAIMS:

Please cancel claims 1-12, and add new claims 13-30 as follows: 
1.-12. (Canceled) 

13. (New) A method of defining rights for controlling access to one or more 
resources of a computer, comprising: 

receiving requests to access a resource from a process; 

providing the received requests to an intrusion detection module for determining
resource access rights for the process;

receiving from the intrusion detection module, in response to providing the received
requests, a description of the resource access rights for the process; and

storing data representative of the resource access rights for the process.

14. (New) The method of claim 13, wherein storing the data representative of the 
resource access rights for the process comprises: 

storing an execution path that identifies the process; 

storing a directory path identifying a computer resource that the process is allowed to 
access. 

15. (New) The method of claim 14, further comprising: 

storing a value associated with the directory path, the value describing a type of 
allowable resource access by the process. 

16. (New) The method of claim 14, wherein storing the directory path comprises: 
representing the directory path using a meta-symbol. 

17. (New) The method of claim 16, wherein the meta symbol represents one or more
items of information selected from the set consisting of: an identification of a user of the process
accessing the resource; a path wildcard; a directory wildcard; a character wildcard; and a portion
of a name of the resource.

24089 / Case 9273
Serial No. 10/694,071
24089/09273/DOCS/1509358.2

18. (New) The method of claim 13, wherein receiving a description of the resource
access rights of the process from the intrusion detection module comprises: 

receiving a behavioral characteristic of the process; and 
determining the allowable access rights based on the received behavioral 
characteristic of the process. 

19. (New) A system for defining rights for controlling access to one or more 
resources of a computer, comprising: 

an interface module adapted to receive a request to access a resource from a process;

an analysis module adapted to:

provide the received requests to an intrusion detection module for determining
resource access rights for the process;

receive from the intrusion detection module, in response to providing the received
requests, a description of the resource access rights for the process; and

generate data representative of the resource access rights for the process; and

a memory module adapted to store data representative of the resource access rights for
the process.

20. (New) The system of claim 19, wherein the data representative of the resource 
access rights for the process comprise: 

an execution path that identifies the process; and 

a directory path identifying a computer resource that the process is allowed to access. 

21. (New) The system of claim 20, wherein the data representative of the acceptable
resource access rights for the process further comprise: 

a value associated with the directory path and describing a type of allowable resource 
access by the process. 

22. (New) The system of claim 20, wherein the directory path comprises a
meta-symbol.

23. (New) The system of claim 22, wherein the meta symbol represents one or more 
items of information selected from the set consisting of: an identification of a user of the process 
accessing the resource; a path wildcard; a directory wildcard; a character wildcard; and a portion 
of a name of the resource. 

24. (New) The system of claim 19, wherein the analysis module is further adapted to:

receive a behavioral characteristic of the process from the intrusion detection module;
and

determine the allowable resource access rights based on the received behavioral
characteristic of the process.

25. (New) A computer program product having a computer-readable medium having 
embodied thereon program code for defining rights for controlling access to one or more 
resources of a computer, the program code comprising: 

an interface module adapted to receive a request to access a resource from a process;

an analysis module adapted to:

provide the received requests to an intrusion detection module for determining
resource access rights for the process;

receive from the intrusion detection module, in response to providing the received
requests, a description of the acceptable resource access rights for the
process; and

generate data representative of the resource access rights for the process; and

a memory module adapted to store data representative of the resource access rights for
the process.

26. (New) The computer program product of claim 25, wherein the data
representative of the resource access rights for the process comprise:

an execution path that identifies the process; and 

a directory path identifying a computer resource that the process is allowed to access. 

27. (New) The computer program product of claim 26, wherein the data 
representative of the acceptable resource access rights for the process further comprise: 

a value associated with the directory path and describing a type of allowable resource 
access by the process. 

28. (New) The computer program product of claim 26, wherein the directory path 
comprises a meta-symbol. 

29. (New) The computer program product of claim 28, wherein the meta symbol 
represents one or more items of information selected from the set consisting of: an identification 
of a user of the process accessing the resource; a path wildcard; a directory wildcard; a character 
wildcard; and a portion of a name of the resource. 

30. (New) The computer program product of claim 25, wherein the analysis module 
is further adapted to: 

receive a behavioral characteristic of the process from the intrusion detection module; 
and 

determine the allowable resource access rights based on the received behavioral 
characteristic of the process. 